Generate SSH known hosts in lib

2019-12-03 19:56:26 +01:00 · 2019-12-03 19:56:26 +01:00 · f2548258f5
parent 0ec4127225
commit f2548258f5
13 changed files with 45 additions and 29 deletions
--- a/host-registry.nix
+++ b/host-registry.nix
@ -1,8 +1,21 @@
 # Registry of C3D2 machines.

-let
-  hosts = [ "adc" "grafana" "hydra" "server7" "storage-ng" "pulsebert" "tox" ];
-in {
-  hqPublic = hosts;
-  hqPrivate = hosts;
+rec {
+  hosts = {
+    adc = { };
+    grafana.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPFB9fo01jzr2upEBEXiR7sSmeQoq9ll5Cf5/hjq5e4Y";
+    hydra.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig";
+    pulsebert.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG";
+    server7.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy";
+    storage-ng.publicKey =
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP";
+    tox = { };
+  };
+
+  hqPublic = builtins.attrNames hosts;
+  hqPrivate = builtins.attrNames hosts;
 }
--- a/hosts/hydra/configuration.nix
+++ b/hosts/hydra/configuration.nix
@ -7,7 +7,6 @@
    ./cache.nix
    ../../lib
    ../../lib/hq.nix
-    ../../lib/known-hosts.nix
    ../../lib/emery.nix
    ../../lib/buildfarmer.nix
    ../../lib/yggdrasil.nix
--- a/hosts/hydra/ssh_host_ed25519_key.pub
+++ b/hosts/hydra/ssh_host_ed25519_key.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig root@adc
--- a/hosts/hydra/ssh_host_rsa_key.pub
+++ b/hosts/hydra/ssh_host_rsa_key.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfyXyzx7SOrRs1jwsJ/wIazY76O70M2YxZlh1JOBtejKdcuvLRiCZlbySPbD0kE9d1e/2T2gfJyW9T+20jciqqkVNJNrnUKkIe4gwklOkH3+x6+dIevtgbkuPEKV+4zFWIFrCj+uYKIHJeOFab+aANlSSYmFd7dVmF+DIzMOwUZvlppjv6q4iGNVyq198mfc1MDJDqkA6mIjFngpY03Ayh7SNtlR+CVlY827xW5Wh4M93bMvApz5hMxVTyV7pTigN+zMxrLoC/tKWPT24Rra1SihlLlFUlo5FQPPAdPJ8mkdAy5nm7tsBoD9u7NLSr+32/4v3ow+FnsVW/udLHalc99PMHjeIDAS0p5HC9UZXuiAzbGpNDtv25JmNcP2W+8PgKWuM7HGv1oTy9fDM2uaH2/XxWZAmsneCl51hz+nb6FZek2qQutjOA6mueQybuH4wT54irUkLUTx55wiUQ96MzeC0hWJpEXB8Xx7kvKwvWIkHq8fB8mvPZFg13Mw8LG39J6c0e7XgUU1rIjcqud0ynHIOO0bcVIIGT2fXQLPweaTntErszqiu+VyXyNwVU8/NbvNiezneM89yHYp5zCw3UbzsfsDs4M8vhOMHWH3YPfqCR12RwrcmySR+Z22FpgrsQHNlY3tRDnFb+gm27yFrWC0VzAz4t60rqpfgaQXwiXw== root@adc
--- a/hosts/pulsebert/ssh_host_ed25519_key.pub
+++ b/hosts/pulsebert/ssh_host_ed25519_key.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG root@pulsebert
--- a/hosts/pulsebert/ssh_host_rsa_key.pub
+++ b/hosts/pulsebert/ssh_host_rsa_key.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkiECNp6xqmZHqyl+Z+klMJeiowXnQCaEna+PwsL7uWr3YhcRfVUlFM8/aN2FXHAiYePViLXVVYG2vEWW6K5SaC5abbL3zpTKtv33vW29fcrDJElCuV3WEZ+3QEyaq+c4A/mVoxsFhUsotvAmeuBe9wo2ZoGLDltETgyXMi3llTt3kG1TFdBgGNQlextubUnAw5ulqo/72OhlVOiBm4EsEXW16okkdYQ1bx1q/M24aTb9EhcUX4Z/q4zVs+pJ0AoiSw9Wal3kZUsTIKgrdaBJvr9IWrBZ5090RjbeMtT9nqcP6ZY0CEhlcpLsFCcYCt5wCuTudu7dxU2uavCcTgtO62vFdYKaasu6SGilBTs3prpZMhVnfi6VrgCcd9/7ZXgu2pxJvkPPRoLXLysfT5BvOy+YwkjA2ebNsjsaN/aB/VFmnnYZfdgDhdpuUkyDiO/kc2y1ZYzZp6vlUAtUWhgGVzyXjT9bz21eoF89Vvhaw2guQDjHk2tPqLf95iKHmY4YQ35sbkw4cRy8v1PP0bmZHgQguxWgRNRMxEo9quCHBYnsZrApKe5sUKSE/9WqI378x7+VGKDvEdMHyvJTw8VHvzuBKr/SONFn67ZC50uiMMjasnuAZYbVtcrkL09ITosev8Y/hxFmehL4wud5EDdOTTjYsIXUOW+ZTp0HrOW07wQ== root@pulsebert
--- a/hosts/server7/configuration.nix
+++ b/hosts/server7/configuration.nix
@ -9,7 +9,6 @@ in {
    ../../lib/default-gateway.nix
    ../../lib/emery.nix
    ../../lib/buildfarmer.nix
-    ../../lib/known-hosts.nix
    ../../lib/yggdrasil.nix
    ./containers
    ./hardware-configuration.nix
--- a/hosts/server7/ssh_host_ed25519_key.pub
+++ b/hosts/server7/ssh_host_ed25519_key.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy root@nixbert
--- a/hosts/server7/ssh_host_rsa_key.pub
+++ b/hosts/server7/ssh_host_rsa_key.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmCgVZbItFsh+hwfbX5EefNF4+LgSSQw20JmqZ7UOHMtTcmoJlykr82go1L6/Qd/rOoLClEmZ4Dr+6m6LrYpys2EhRX9XNA8JXqaohMvmroYMPR3ttBkxWQq939K2hiZ67vICTYeESrqVf7B5Cj8oLnef6mKLsjQ03EAUEhFWaowUDDceH4+/M5WRwhaqTvYo78Q2lJ2971rng3tbkKdk2hQnjTK4RLsIUgm2HTkoE81kQva+7NhB1S+fNc9pfg7bDDd1CV6H1xLMYPNYgT/ivFGtf+C2JZHGmWFkk1bk96OBD7tbjuXk4hlKDp5wPcQM+hM8jemqk6VHX2QL1JU3hlgbI+LttszzA4tPMeaaUKEs9QMrXlM/9l9meA0gUuFZL1biEXTHxL05t7vYom//PtBlLKtirZQZ2plVDAd37+f1ZCIHOT7goOeOJULhNqzLU7FTQ8Jx3JFVs9EPLqej3RTXDcP99Tc6OwwdcRUWFrRRU8071JkAw5uSKNnyRQxeh8otbXijPKqfw3Hc23E38wlVFoUI9IsohLQhaTTtdqnxAp3qJyONh3zIct+VN9uM87swsKGODEgsSfvb+46H/5pRPPHMJ4DHoG+8yF0Ohu4/fV68M6nIxcl7b3z4mzkQH8mm8kydCw46x7lwQMNon7bVF1dRW0bjRW/4b7od5aQ== root@nixbert
--- a/hosts/storage-ng/ssh_host_ed25519_key.pub
+++ b/hosts/storage-ng/ssh_host_ed25519_key.pub
@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP root@storage-ng
--- a/hosts/storage-ng/ssh_host_rsa_key.pub
+++ b/hosts/storage-ng/ssh_host_rsa_key.pub
@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoNhS3lJw+UNl5wf9pagTnnsFXbF8niZQcSr+YFr5EOwcBKCcEBRcRw9Dz4PwpZ/my8PPafB1KNclayeDJuxcSUD0+B2yetZ1G1pJC4+7zRgBlhubCf9ACBfnstNrVPDUt0kE2d7P7hvPdqo5oAjDCEWwHxcgWJEBUZNhhpcJxexhUd3+34/DfVBN8+Y9WSrYQIYq3Lilm/xdEBvvSDDpEWsnFvLG/rXlK+bju9st/bLzf8a0WwaNuG1x5/enkA0eRM3tO7lNs+ojB3lhycm/odzJvxEP3ax52vuIUpOrkmiQUHIDOVwvkqIMy1XDI8yHvFrG2oZB+bA8baIb52uNUHFwowUHypj/dI0Wa0+33Yrq4HRA3Z0H+kcTe0PuJijmzxNtHqjN4c6mfGECVhnWtVhGQ9GKmx7/DLPTKXOsXUTsHKwuIPHPiXowC1moRvDt/qsnv+opPvBNx0sEwz0v4Ef390Tk69fG3f0eG+A7reTMUcxy5gDU4WTxs7DX/6hD+AUwqCrOvbiXA79KpqA8yfbRTbgInHfRXFLdFp0u/CvXER4ayKgkfmNe+RrDogoHnoZSuGLvuklK6liF2VhzIJ2YR6CV7nG6IEG1/G9cghQ1QCyEhCjEsAaTwn7x2NsoKHlBNuxB6Ov/VOxo4ecAmXxf0/m0QoE2VQRElvcGWpw== root@storage-ng
--- a/lib/default.nix
+++ b/lib/default.nix
@ -149,6 +149,33 @@ in {
        };
      });

+    programs.ssh.knownHosts = with builtins;
+      let
+        hostNames = hostRegistry.hqPrivate;
+        intersectKeys = intersectAttrs {
+          publicKey = null;
+          publicKeyFile = null;
+        };
+        list = map (name:
+          let sshAttrs = intersectKeys (getAttr name hostRegistry.hosts);
+          in if sshAttrs == { } then
+            null
+          else {
+            inherit name;
+            value = {
+              publicKey = null;
+              publicKeyFile = null;
+              hostNames = [
+                (toHqPrivateAddress name)
+                "${name}.hq.c3d2.de"
+                "${name}.hq"
+                name
+              ];
+            } // sshAttrs;
+          }) hostNames;
+        keyedHosts = filter (x: x != null) list;
+      in listToAttrs keyedHosts;
+
    services.collectd = lib.mkIf cfg.hq.statistics.enable {
      enable = true;
      autoLoadPlugin = true;
--- a/lib/known-hosts.nix
+++ b/lib/known-hosts.nix
@ -1,14 +0,0 @@
-{ ... }: {
-  programs.ssh.knownHosts = let
-    hostNames = [ "hydra" "pulsebert" "server7" "hydra" ];
-    f = name: {
-      inherit name;
-      value = {
-        hostNames = [ name (name + ".hq.c3d2.de") ];
-        publicKeyFile = ../hosts + "/${name}/ssh_host_ed25519_key.pub";
-      };
-    };
-    hosts = map f hostNames;
-  in builtins.listToAttrs hosts;
-
-}
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDhurL/sxsXRglKdLfiWIcK+iqpyhGrGt/MoBODsgvig root@adc`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfyXyzx7SOrRs1jwsJ/wIazY76O70M2YxZlh1JOBtejKdcuvLRiCZlbySPbD0kE9d1e/2T2gfJyW9T+20jciqqkVNJNrnUKkIe4gwklOkH3+x6+dIevtgbkuPEKV+4zFWIFrCj+uYKIHJeOFab+aANlSSYmFd7dVmF+DIzMOwUZvlppjv6q4iGNVyq198mfc1MDJDqkA6mIjFngpY03Ayh7SNtlR+CVlY827xW5Wh4M93bMvApz5hMxVTyV7pTigN+zMxrLoC/tKWPT24Rra1SihlLlFUlo5FQPPAdPJ8mkdAy5nm7tsBoD9u7NLSr+32/4v3ow+FnsVW/udLHalc99PMHjeIDAS0p5HC9UZXuiAzbGpNDtv25JmNcP2W+8PgKWuM7HGv1oTy9fDM2uaH2/XxWZAmsneCl51hz+nb6FZek2qQutjOA6mueQybuH4wT54irUkLUTx55wiUQ96MzeC0hWJpEXB8Xx7kvKwvWIkHq8fB8mvPZFg13Mw8LG39J6c0e7XgUU1rIjcqud0ynHIOO0bcVIIGT2fXQLPweaTntErszqiu+VyXyNwVU8/NbvNiezneM89yHYp5zCw3UbzsfsDs4M8vhOMHWH3YPfqCR12RwrcmySR+Z22FpgrsQHNlY3tRDnFb+gm27yFrWC0VzAz4t60rqpfgaQXwiXw== root@adc
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAnEWn/8CKIiCtehh6Ha3XUQqjODj0ygyo3aGAsFWgfG root@pulsebert`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDkiECNp6xqmZHqyl+Z+klMJeiowXnQCaEna+PwsL7uWr3YhcRfVUlFM8/aN2FXHAiYePViLXVVYG2vEWW6K5SaC5abbL3zpTKtv33vW29fcrDJElCuV3WEZ+3QEyaq+c4A/mVoxsFhUsotvAmeuBe9wo2ZoGLDltETgyXMi3llTt3kG1TFdBgGNQlextubUnAw5ulqo/72OhlVOiBm4EsEXW16okkdYQ1bx1q/M24aTb9EhcUX4Z/q4zVs+pJ0AoiSw9Wal3kZUsTIKgrdaBJvr9IWrBZ5090RjbeMtT9nqcP6ZY0CEhlcpLsFCcYCt5wCuTudu7dxU2uavCcTgtO62vFdYKaasu6SGilBTs3prpZMhVnfi6VrgCcd9/7ZXgu2pxJvkPPRoLXLysfT5BvOy+YwkjA2ebNsjsaN/aB/VFmnnYZfdgDhdpuUkyDiO/kc2y1ZYzZp6vlUAtUWhgGVzyXjT9bz21eoF89Vvhaw2guQDjHk2tPqLf95iKHmY4YQ35sbkw4cRy8v1PP0bmZHgQguxWgRNRMxEo9quCHBYnsZrApKe5sUKSE/9WqI378x7+VGKDvEdMHyvJTw8VHvzuBKr/SONFn67ZC50uiMMjasnuAZYbVtcrkL09ITosev8Y/hxFmehL4wud5EDdOTTjYsIXUOW+ZTp0HrOW07wQ== root@pulsebert
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMiDm1b0NubTtcE9NuKrIpEOea5oS/yCW0Ncoaf/w3uy root@nixbert`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCmCgVZbItFsh+hwfbX5EefNF4+LgSSQw20JmqZ7UOHMtTcmoJlykr82go1L6/Qd/rOoLClEmZ4Dr+6m6LrYpys2EhRX9XNA8JXqaohMvmroYMPR3ttBkxWQq939K2hiZ67vICTYeESrqVf7B5Cj8oLnef6mKLsjQ03EAUEhFWaowUDDceH4+/M5WRwhaqTvYo78Q2lJ2971rng3tbkKdk2hQnjTK4RLsIUgm2HTkoE81kQva+7NhB1S+fNc9pfg7bDDd1CV6H1xLMYPNYgT/ivFGtf+C2JZHGmWFkk1bk96OBD7tbjuXk4hlKDp5wPcQM+hM8jemqk6VHX2QL1JU3hlgbI+LttszzA4tPMeaaUKEs9QMrXlM/9l9meA0gUuFZL1biEXTHxL05t7vYom//PtBlLKtirZQZ2plVDAd37+f1ZCIHOT7goOeOJULhNqzLU7FTQ8Jx3JFVs9EPLqej3RTXDcP99Tc6OwwdcRUWFrRRU8071JkAw5uSKNnyRQxeh8otbXijPKqfw3Hc23E38wlVFoUI9IsohLQhaTTtdqnxAp3qJyONh3zIct+VN9uM87swsKGODEgsSfvb+46H/5pRPPHMJ4DHoG+8yF0Ohu4/fV68M6nIxcl7b3z4mzkQH8mm8kydCw46x7lwQMNon7bVF1dRW0bjRW/4b7od5aQ== root@nixbert
				`@ -1 +0,0 @@`
				`ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMeg5ojU7U8+Lx824y+brazVJ007mEJDM7C7aUruOWGP root@storage-ng`
				`@ -1 +0,0 @@`
				ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCoNhS3lJw+UNl5wf9pagTnnsFXbF8niZQcSr+YFr5EOwcBKCcEBRcRw9Dz4PwpZ/my8PPafB1KNclayeDJuxcSUD0+B2yetZ1G1pJC4+7zRgBlhubCf9ACBfnstNrVPDUt0kE2d7P7hvPdqo5oAjDCEWwHxcgWJEBUZNhhpcJxexhUd3+34/DfVBN8+Y9WSrYQIYq3Lilm/xdEBvvSDDpEWsnFvLG/rXlK+bju9st/bLzf8a0WwaNuG1x5/enkA0eRM3tO7lNs+ojB3lhycm/odzJvxEP3ax52vuIUpOrkmiQUHIDOVwvkqIMy1XDI8yHvFrG2oZB+bA8baIb52uNUHFwowUHypj/dI0Wa0+33Yrq4HRA3Z0H+kcTe0PuJijmzxNtHqjN4c6mfGECVhnWtVhGQ9GKmx7/DLPTKXOsXUTsHKwuIPHPiXowC1moRvDt/qsnv+opPvBNx0sEwz0v4Ef390Tk69fG3f0eG+A7reTMUcxy5gDU4WTxs7DX/6hD+AUwqCrOvbiXA79KpqA8yfbRTbgInHfRXFLdFp0u/CvXER4ayKgkfmNe+RrDogoHnoZSuGLvuklK6liF2VhzIJ2YR6CV7nG6IEG1/G9cghQ1QCyEhCjEsAaTwn7x2NsoKHlBNuxB6Ov/VOxo4ecAmXxf0/m0QoE2VQRElvcGWpw== root@storage-ng